[RADIATOR] Migration From Freeradius

Heikki Vatiainen hvn at open.com.au
Tue Oct 25 05:33:15 CDT 2011


New message. The previous got sent too soon.

On 10/25/2011 01:27 AM, Jennyanydots Napoleon Shoehorn wrote:

Hello,

> My auth's mainly working but I need some general assistance getting the
> following working. Have started with the chilli-radmin.cfg file with
> some added enhancements.
> 
> 1. Group check, including download limits, session timeouts etc.

Radmin has service profiles for grouping. These should help with
grouping the users. The example AcctSQLStatement shows how to update
user specific byte counters. Those might be useful to get started.

Note that the SQL statements can be modified as required.

> 2. How to authenticate against a nas-id, not an ip. We need a shared
> secret per nas

Called-Station-Id MAC address is already supported. If you configure
your client like this <Client MAC:00-11-22-33-44-55> Radiator will try
to match this against Called-Station-Id in the incoming request.

Two formats for CSI are supported: separated by dashes (-) or
without separators, e.g. 001122334455

If e.g. SSID is appended to the MAC address, it is ignored and does not
cause problems for matching the MAC.

Would MAC address in Called-Station-Id work for you?

> 3. Hunt group implementation - allow, disallow access per network

The Identifier in Client clause can be used as a hunt group identifier.
So if you configure multiple clients with the same Identifier, use
IdenticalClients or ClientListSQL, you can group NASes to groups under
the same Identifier.

For example:
<Client 10.2.3.4>
  Identifier group1
  IdenticalClients 10.2.3.5
</Client>

<Handler Client-Identifier=group1>
...

The handler would then be used for requests from 10.2.3.4 and 10.2.3.

Another alternative might be to use Client-Identifier value with AuthBy
SQL. The Client-Identifier would be part of AuthSelect SQL query values
when pulling data from the DB for the user.

> Sorry if this has been covered in the docs but I've been through and
> would really appreciate a couple of decent examples. Just need to get
> started!
> 
> Thanks in advance
> 
> J
> 
> 
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator


-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
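
A sketch of the Called-Station-Id matching and Identifier grouping described in the reply above, added here as an illustration; it is not Radiator's code and not part of the original message. The client table, the secrets and the helper names (normalize_mac, match_client, allowed) are constructed for the example, and an SSID appended after a colon is an assumption about the NAS's format.

```python
import re

# Constructed sample clients: MAC as written in <Client MAC:...>, each with
# its own shared secret and an Identifier used as the hunt group name.
CLIENTS = {
    "00-11-22-33-44-55": {"secret": "constructed-secret-a", "identifier": "group1"},
    "00-11-22-33-44-66": {"secret": "constructed-secret-b", "identifier": "group2"},
}

# Leading MAC in either supported form (dashed or no separators).
# Anything after it, such as an appended SSID, is ignored.
_MAC_PREFIX = re.compile(
    r"^(?:([0-9A-Fa-f]{2}(?:-[0-9A-Fa-f]{2}){5})|([0-9A-Fa-f]{12}))"
)


def normalize_mac(called_station_id):
    """Return the leading MAC in upper-case dashed form, or None."""
    m = _MAC_PREFIX.match(called_station_id.strip())
    if not m:
        return None
    digits = (m.group(1) or m.group(2)).replace("-", "").upper()
    return "-".join(digits[i:i + 2] for i in range(0, 12, 2))


# Index the configured clients by normalized MAC so both formats hit one entry.
_INDEX = {normalize_mac(mac): cfg for mac, cfg in CLIENTS.items()}


def match_client(called_station_id):
    """Find the client entry (secret, Identifier) for a request, or None.

    None means no per-NAS secret is known, so the request cannot be verified.
    """
    mac = normalize_mac(called_station_id or "")
    return _INDEX.get(mac) if mac else None


def allowed(called_station_id, permitted_groups):
    """Hunt-group check: is the matching NAS in one of the permitted groups?"""
    client = match_client(called_station_id)
    return client is not None and client["identifier"] in permitted_groups
```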